Installing and Troubleshooting the Extraction Agent (2025)
July 2nd, 2025 by Oleg Afonin
Over the years, we’ve published numerous guides on installing the iOS Forensic Toolkit extraction agent and troubleshooting issues. As both the tool and its environment evolved, so did our documentation – often leading to outdated or scattered information. This article consolidates and updates everything in one place, detailing the correct installation and troubleshooting procedures.
Digital Evidence in Encrypted Backups
December 27th, 2021 by Vladimir Katalov
Backups are the primary way to preserve data. On smartphones, backups are handled automatically by the OS. Windows lacks a convincing backup app; numerous third-party tools are available, some of which feature strong encryption. Computer backups may contain valuable evidence that can be useful during an investigation – if you can do something about the password.
Checkm8 Based Extraction of iPhone 7 and iPhone 7 Plus
December 22nd, 2021 by Oleg Afonin
Last month we introduced forensically sound low-level extraction for a range of iPhone devices. Based on the renowned checkm8 exploit, our solution supported devices ranging from the iPhone 5s through 6s/6s Plus/SE. Today, we are extending the range of supported devices, adding checkm8 extraction of the iPhone 7 and 7 Plus.
Microsoft Office 40-bit Encryption and Thunder Tables in Advanced Office Password Recovery
December 20th, 2021 by Oleg Afonin
Before the end of this year, we are releasing one last update. Advanced Office Password Recovery can now break 40-bit encryption in Microsoft Office documents, and gains support for Thunder Tables. What are Thunder Tables exactly, and is 40-bit encryption still relevant? Read along to find out.
WhatsApp Explorer: End-to-End Encrypted Backups and Compatibility Improvements
December 16th, 2021 by Oleg Afonin
WhatsApp is the fastest growing instant messenger app. With over 2 billion monthly users, WhatsApp keeps the crown of the most popular instant messaging tool in the Western hemisphere. The recent introduction of end-to-end encrypted backups and the change of Google’s authentication protocol broke things temporarily for EXWA users, but now everything is back to normal. Learn how Elcomsoft Explorer for WhatsApp can download and decrypt encrypted WhatsApp communication histories from Google Drive and Apple iCloud!
More on checkm8 and USB Hubs, Upcoming iPhone 7 Support
December 14th, 2021 by Elcomsoft R&D
Installing the checkm8 exploit to perform forensically sound extractions with iOS Forensic Toolkit can be tricky, which is in part due to certain hardware peculiarities. If you watch our blog, you might have already read the article on checkm8, checkra1n and USB hubs. We have some good news: we managed to fix some of the issues with or without the use of a USB hub.
Worthless Security Practices
December 1st, 2021 by Oleg Afonin
Many security practices still widely accepted today are things of the past. Many of them made sense at the time of short passwords and unrestricted access to workplaces, while some were learned from TV shows with “Russian hackers” breaking Pentagon. In this article we’ll sort it out.
Real-Time Surveillance via Apple iCloud
November 19th, 2021 by Oleg Afonin
Is surveillance a good or a bad thing? The answer depends on whom you ask. From the point of view of the law enforcement, the strictly regulated ability to use real-time surveillance is an essential part of many investigations. In this article we’ll cover a very unorthodox aspect of real-time surveillance: iCloud.
Forensically Sound Extraction for iPhone 5s, 6, 6s and SE
November 17th, 2021 by Oleg Afonin
Half a year ago, we started a closed beta-testing of a revolutionary new build of iOS Forensic Toolkit. Using the checkm8 exploit, the first beta delivered forensically sound file system extraction for a large number of Apple devices. Today, we are rolling out the new, significantly improved second beta of the tool that delivers repeatable, forensically sound extractions based on the checkm8 exploit.
How to Use iOS Forensic Toolkit 8.0 b2 to Perform Forensically Sound Extraction of iPhone 5s, 6, 6s and SE
November 17th, 2021 by Elcomsoft R&D
The second beta of iOS Forensic Toolkit 8.0 has arrived, offering repeatable, verifiable extraction for a limited range of iOS devices. The new release introduces a brand-new user interface, which differs significantly from the selection-driven console we’ve been using for the past several years. This article describes the new workflow for performing forensically sound extractions with iOS Forensic Toolkit 8.0 beta2.
checkm8, checkra1n and USB hubs
November 16th, 2021 by Elcomsoft R&D
If you ever used the checkra1n jailbreak or the checkm8 acquisition method available in some mobile forensic products like iOS Forensic Toolkit, you know that the trickiest parts of the process are the first two: entering DFU, and using the exploit itself. Even if you have the right cables and enough experience, sometimes you may still bump into a weird issue or two. The device may not enter DFU whatever you do, or the exploit fails. How can you increase your success rate?
